Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

Git dependency

Severity

High

Description

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Suggestion

Publish the git dependency to npm or a private package repository and consume it from there.

Packages with this issue

chokidar

A neat wrapper around node.js fs.watch / fs.watchFile.

paulmillr
 published 0.8.4 •

utif

Fast and advanced TIFF decoder

scimonster
 published 1.3.0 •

jspdf

PDF Document creation from JavaScript

mrjameshall
 published 1.5.3 •

web3-providers-ws

Module to handle web3 RPC connections over WebSockets.

nivida
 published 1.2.2 •

web3

Ethereum JavaScript API, middleware to talk to a ethereum node over RPC

frozeman
 published 0.20.7 •

web3-eth-accounts

Web3 module to generate Ethereum accounts and sign data and transactions.

nivida
 published 1.2.2 •

react-native-gesture-handler

Experimental implementation of a new declarative API for gesture handling in react-native

osdnk
 published 1.5.6 •

msgpackr-extract

Node addon for string extraction for msgpackr

kriszyp
 published 1.1.0 •

eth-sig-util

A few useful functions for signing ethereum data

danfinlay
 published 1.4.2 •

@postlight/mercury-parser

Mercury transforms web pages into clean text. Publishers and programmers use it to make the web make sense, and readers use it to read any web article comfortably.

jadt26
 published 2.2.1 •
Socket

Product

NPM Packages

About

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc